我正在尝试学习如何在.NET Core应用程序中使用WS-Federation。我正在尝试将客户端应用程序重定向到身份验证服务的基本步骤(在我的FederationMetadata.xml文件中定义),但是当我尝试访问需要身份验证的控制器时,在这种情况下,URL为http://localhost/STSAwareApp/Test],我的重定向URL变为太大而无法使用(我得到404.15,查询字符串太大)。
由于我是WS-Federation的新手,所以我假设我在启动时遇到配置问题:
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true;
services.AddControllersWithViews();
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddWsFederation(authenticationScheme: "WsFederation", displayName: "Test WS-Fed", options =>
{
options.Wtrealm = "http://localhost/STSAwareApp/Test";
options.MetadataAddress = "http://localhost/STSAwareApp/files/FederationMetadata.xml";
options.RequireHttpsMetadata = false;
}).AddCookie(options =>
{
options.Cookie.Name = "TestStsAuth";
options.Cookie.HttpOnly = true;
});
services.AddLogging(
builder =>
{
builder.AddFilter("Microsoft", LogLevel.Trace)
.AddFilter("System", LogLevel.Trace)
.AddConsole();
});
}
}
我假设URL不仅因为wctx太长而不正确,而且应该尝试重定向到其他服务[http://localhost/STS/V1],它尝试使用带有联合身份验证参数的原始URL。查询字符串。我认为wctx应该较小,因为即使我增加URL限制的大小,它也会继续增长。
与此有关的问题是,未正确配置FederationMetadata.xml文档。不能完全确定出了什么问题,但是与其尝试拥有一个有效的xml文档,不如更新WsFederationOptions的Configuration属性。附件是更新的启动调用:
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true;
services.AddControllersWithViews();
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
}).AddWsFederation(authenticationScheme: "WsFederation", displayName: "Test WS-Fed", options =>
{
WsFederationConfiguration configuration = new WsFederationConfiguration();
configuration.TokenEndpoint = "http://localhost/STSSpike/V1";
options.Configuration = configuration;
options.Wtrealm = "http://localhost/STSAwareApp/Test";
}).AddCookie(options =>
{
options.Cookie.Name = "TestStsAuth";
options.Cookie.HttpOnly = true;
});
services.AddLogging(
builder =>
{
builder.AddFilter("Microsoft", LogLevel.Trace)
.AddFilter("System", LogLevel.Trace)
.AddConsole();
});
}
猜测这是一个相当本地化的问题,所以可能要关闭。